Latest news with #cryptography

Is a quantum-cryptography apocalypse nigh?

Asia Times

2 days ago

  • Business
  • Asia Times

Will quantum computers crack cryptographic codes and cause a global security disaster? You might certainly get that impression from a lot of news coverage, the latest of which reports new estimates that it might be 20 times easier to crack such codes than previously thought. Cryptography underpins the security of almost everything in cyberspace, from wifi to banking to digital currencies such as bitcoin. Whereas it was previously estimated that it would take a quantum computer with 20 million qubits (quantum bits) eight hours to crack the popular RSA algorithm (named after its inventors, Rivest–Shamir–Adleman), the new estimate reckons this could be done with 1 million qubits. By weakening cryptography, quantum computing would present a serious threat to our everyday cybersecurity. So is a quantum-cryptography apocalypse imminent? Quantum computers exist today but are highly limited in their capabilities. There is no single concept of a quantum computer, with several different design approaches being taken to their development. There are major technological barriers to be overcome before any of those approaches become useful, but a great deal of money is being spent, so we can expect significant technological improvements in the coming years. For the most commonly deployed cryptographic tools, quantum computing will have little impact. Symmetric cryptography, which encrypts the bulk of our data today (and does not include the RSA algorithm), can easily be strengthened to protect against quantum computers. Quantum computing might have a more significant impact on public-key cryptography, which is used to set up secure connections online. For example, this is used to support online shopping or secure messaging, traditionally using the RSA algorithm, though increasingly an alternative called elliptic curve Diffie-Hellman. 
Public key cryptography is also used to create digital signatures such as those used in bitcoin transactions, and uses yet another type of cryptography called the elliptic curve digital signature algorithm. If a sufficiently powerful and reliable quantum computer ever exists, processes that are currently only theoretical might become capable of breaking those public-key cryptographic tools. RSA algorithms are potentially more vulnerable because of the type of mathematics they use, though the alternatives could be vulnerable too. Such theoretical processes themselves will inevitably improve over time, as the paper about RSA algorithms is the latest to demonstrate. What remains extremely uncertain is both the destination and timelines of quantum computing development. We don't really know what quantum computers will ever be capable of doing in practice. Expert opinion is highly divided on when we can expect serious quantum computing to emerge. A minority seem to believe a breakthrough is imminent. But an equally significant minority think it will never happen. Most experts believe it is a future possibility, but prognoses range from between ten and 20 years to well beyond that. And will such quantum computers be cryptographically relevant? Essentially, nobody knows. Like most of the concerns about quantum computers in this area, the RSA paper is about an attack that may or may not work, and requires a machine that might never be built (the most powerful quantum computers currently have just over 1,000 qubits, and they're still very error-prone). From a cryptographic perspective, however, such quantum computing uncertainty is arguably immaterial. Security involves worst-case thinking and future-proofing. So it is wisest to assume that a cryptographically relevant quantum computer might one day exist. Even if one is 20 years away, this is relevant because some data that we encrypt today might still require protection 20 years from now. 
Experience also shows that in complex systems such as financial networks, upgrading cryptography can take a long time to complete. We therefore need to act now. The good news is that most of the hard thinking has already been done. In 2016, the US National Institute of Standards and Technology (NIST) launched an international competition to design new post-quantum cryptographic tools that are believed to be secure against quantum computers. In 2024, NIST published an initial set of standards that included a post-quantum key exchange mechanism and several post-quantum digital signature schemes. To become secure against a future quantum computer, digital systems need to replace current public-key cryptography with new post-quantum mechanisms. They also need to ensure that existing symmetric cryptography is supported by sufficiently long symmetric keys (many existing systems already are). Yet my core message is don't panic. Now is the time to evaluate the risks and decide on future courses of action. The UK's National Cyber Security Center has suggested one such timeline, primarily for large organizations and those supporting critical infrastructure such as industrial control systems. This envisages 2028 as a deadline for completing a cryptographic inventory and establishing a post-quantum migration plan, with upgrade processes to be completed by 2035. This decade-long timeline suggests that NCSC experts don't see a quantum cryptography apocalypse coming anytime soon. For the rest of us, we simply wait. In due course, if deemed necessary, the likes of our web browsers, wifi, mobile phones and messaging apps will gradually become post-quantum secure either through security upgrades (never forget to install them) or steady replacement of technology. 
We will undoubtedly read more stories about breakthroughs in quantum computing and upcoming cryptography apocalypses as big technology companies compete for the headlines. Cryptographically relevant quantum computing might well arrive one day, most likely far into the future. If and when it does, we'll surely be ready.

Keith Martin is professor at the Information Security Group, Royal Holloway University of London.

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Is a quantum-cryptography apocalypse imminent?

Yahoo

3 days ago

  • Politics
  • Yahoo

Will quantum computers crack cryptographic codes and cause a global security disaster? You might certainly get that impression from a lot of news coverage, the latest of which reports new estimates that it might be 20 times easier to crack such codes than previously thought. Cryptography underpins the security of almost everything in cyberspace, from wifi to banking to digital currencies such as bitcoin. Whereas it was previously estimated that it would take a quantum computer with 20 million qubits (quantum bits) eight hours to crack the popular RSA algorithm (named after its inventors, Rivest–Shamir–Adleman), the new estimate reckons this could be done with 1 million qubits. By weakening cryptography, quantum computing would present a serious threat to our everyday cybersecurity. So is a quantum-cryptography apocalypse imminent? Quantum computers exist today but are highly limited in their capabilities. There is no single concept of a quantum computer, with several different design approaches being taken to their development. There are major technological barriers to be overcome before any of those approaches become useful, but a great deal of money is being spent, so we can expect significant technological improvements in the coming years. For the most commonly deployed cryptographic tools, quantum computing will have little impact. Symmetric cryptography, which encrypts the bulk of our data today (and does not include the RSA algorithm), can easily be strengthened to protect against quantum computers. Quantum computing might have more significant impact on public-key cryptography, which is used to set up secure connections online. 
For example this is used to support online shopping or secure messaging, traditionally using the RSA algorithm, though increasingly an alternative called elliptic curve Diffie-Hellman. Public key cryptography is also used to create digital signatures such as those used in bitcoin transactions, and uses yet another type of cryptography called the elliptic curve digital signature algorithm. If a sufficiently powerful and reliable quantum computer ever exists, processes that are currently only theoretical might become capable of breaking those public-key cryptographic tools. RSA algorithms are potentially more vulnerable because of the type of mathematics they use, though the alternatives could be vulnerable too. Such theoretical processes themselves will inevitably improve over time, as the paper about RSA algorithms is the latest to demonstrate. What remains extremely uncertain is both the destination and timelines of quantum computing development. We don't really know what quantum computers will ever be capable of doing in practice. Expert opinion is highly divided on when we can expect serious quantum computing to emerge. A minority seem to believe a breakthrough is imminent. But an equally significant minority think it will never happen. Most experts believe it a future possibility, but prognoses range from between ten and 20 years to well beyond that. And will such quantum computers be cryptographically relevant? Essentially, nobody knows. Like most of the concerns about quantum computers in this area, the RSA paper is about an attack that may or may not work, and requires a machine that might never be built (the most powerful quantum computers currently have just over 1,000 qubits, and they're still very error prone). From a cryptographic perspective, however, such quantum computing uncertainty is arguably immaterial. Security involves worst-case thinking and future proofing. 
So it is wisest to assume that a cryptographically relevant quantum computer might one day exist. Even if one is 20 years away, this is relevant because some data that we encrypt today might still require protection 20 years from now. Experience also shows that in complex systems such as financial networks, upgrading cryptography can take a long time to complete. We therefore need to act now. The good news is that most of the hard thinking has already been done. In 2016, the US National Institute for Standards and Technology (Nist) launched an international competition to design new post-quantum cryptographic tools that are believed to be secure against quantum computers. In 2024, Nist published an initial set of standards that included a post-quantum key exchange mechanism and several post-quantum digital signature schemes. To become secure against a future quantum computer, digital systems need to replace current public-key cryptography with new post-quantum mechanisms. They also need to ensure that existing symmetric cryptography is supported by sufficiently long symmetric keys (many existing systems already are). Yet my core message is don't panic. Now is the time to evaluate the risks and decide on future courses of action. The UK's National Cyber Security Centre has suggested one such timeline, primarily for large organisations and those supporting critical infrastructure such as industrial control systems. This envisages 2028 as a deadline for completing a cryptographic inventory and establishing a post-quantum migration plan, with upgrade processes to be completed by 2035. This decade-long timeline suggests that NCSC experts don't see a quantum cryptography apocalypse coming anytime soon. For the rest of us, we simply wait. 
In due course, if deemed necessary, the likes of our web browsers, wifi, mobile phones and messaging apps will gradually become post-quantum secure either through security upgrades (never forget to install them) or steady replacement of technology. We will undoubtedly read more stories about breakthroughs in quantum computing and upcoming cryptography apocalypses as big technology companies compete for the headlines. Cryptographically relevant quantum computing might well arrive one day, most likely far into the future. If and when it does, we'll surely be ready. This article is republished from The Conversation under a Creative Commons license. Read the original article. Keith Martin receives funding from EPSRC.

Billionaire Chamath Palihapitiya has a blunt warning about quantum computing

Yahoo

5 days ago

  • Business
  • Yahoo

Billionaire Chamath Palihapitiya has a blunt warning about quantum computing originally appeared on TheStreet. Billionaire investor Chamath Palihapitiya has warned that Google revealed breaking common encryption might be closer than we thought. 'If this is even remotely true, combined with everything else happening rn, the only safe trade are hard assets and, dare I say, gold,' Chamath posted on X. 'Sheesh.' In a blog post on May 23 titled 'Tracking the Cost of Quantum Factoring,' Google researchers announced they've drastically lowered the bar for what it would take to break RSA encryption, one of the most widely used security systems on the internet. 'Yesterday, we published a preprint demonstrating that 2048-bit RSA encryption could theoretically be broken by a quantum computer with 1 million noisy qubits running for one week,' wrote Craig Gidney and Sophie Schmieg from Google Quantum AI. Just five years ago, that number was 20 million qubits. Before that? A billion. RSA encryption is a form of asymmetric cryptography, which is basically a way to lock and unlock data using two separate keys: a public one and a private one. It's used in everything from HTTPS connections to secure emails, logins, and financial transactions. Google credits a combination of algorithmic improvements and more efficient quantum error correction. 'The reduction in physical qubit count comes from two sources: better algorithms and better error correction... On the algorithmic side, the key change is to compute an approximate modular exponentiation rather than an exact one.' They pointed to work by Chevignard, Fouque, and Schrottenloher from 2024 that enabled '1000x more operations than prior work,' which Google then optimized down to just 2x overhead. 'On the error correction side, the key change is tripling the storage density of idle logical qubits by adding a second layer of error correction,' the post added. 
This layered correction, plus a new technique called magic state cultivation, means quantum computers may now require far fewer resources to do serious damage. While RSA is not used in Bitcoin, the underlying principles matter. Bitcoin's cryptography, specifically ECDSA (Elliptic Curve Digital Signature Algorithm), is also vulnerable to quantum computing, just like RSA. And the threat isn't just theoretical. As Google notes: 'For asymmetric encryption, in particular encryption in transit, the motivation to migrate to PQC is made more urgent due to the fact that an adversary can collect ciphertexts, and later decrypt them once a quantum computer is available, known as a 'store now, decrypt later' attack.' That line is especially chilling for crypto. Anyone who's ever sent Bitcoin using a public key is technically exposed in a future where a powerful enough quantum computer exists. And the only thing standing between that and billions in value being drained is time and preparation. At the time of writing, Bitcoin was trading at $105,574, down 1.8% on the day, mirroring a broader pullback across the crypto market, with most major tokens in the red. This story was originally reported by TheStreet on May 30, 2025, where it first appeared.

Combine encryption with ID checks to fight grooming, expert tells govt [WATCH]

New Straits Times

6 days ago

  • New Straits Times

KUALA LUMPUR: Encryption plays a critical role in securing online communication and protecting users—especially children—from threats such as grooming. Universiti Malaya forensic and cyber threat expert Professor Dr Ainuddin Wahid Abdul Wahab says that encryption can complement identity checks by providing another layer of protection. This follows what Communications Minister Fahmi Fadzil proposed; to consider mandatory user identity verification in light of rising online sexual predatory cases. "Encryption is really the way we can secure our communication," Ainuddin said. He explained the concept using a simple analogy: much like parents who discreetly spell out words or speak in a language their children do not understand to keep their conversations private, encryption masks the content of digital exchanges—even if someone is aware that a communication is taking place. This technique, he said, ensures that while a third party may see that data is being transmitted, they will not be able to decipher it without the appropriate cryptographic keys. He also pointed to Malaysia's homegrown advancements in cryptography, particularly the In-MaLi algorithm developed locally and internationally recognised. This cryptographic method is supported by the Malaysian Society for Cryptology Research and agencies like CyberSecurity Malaysia. He uses the analogy of house keys and an added padlock to explain how Malaysia enhances existing global encryption tools. "It's like renting a house and being given two keys. You're not sure who else might have copies, so you add your own padlock—your own third key. That way, only you can access it." This "three-tier lock system", he said, reflects how Malaysia builds additional layers of encryption over standard platforms to better protect user data. These locally developed add-ons ensure that only authorised parties—such as national cyber defence teams—can decrypt certain information, if necessary, and respond to emerging threats. 
Ainuddin added that while identity verification can deter online predators, encryption remains essential to securing private communication, safeguarding children, and bolstering national cyber resilience. On Tuesday, Fahmi said his ministry is reviewing several key measures to enhance online safety, including enforcing user verification or identity authentication. The move, he added, is crucial to protect children from becoming victims of online sexual predators. He expressed concern over a recent case involving a social media influencer who allegedly sent obscene images to a 14-year-old girl. "I'm deeply troubled by what happened — an influencer contacting a 14-year-old with lewd messages. This is something happening within our society.

Quantum computers with 1 million qubits can crack RSA encryption in a week, Google study reveals

Indian Express

7 days ago

  • Indian Express

A new study by Google has found that quantum computers could break present-day encryption standards sooner than previously thought, raising security concerns and causing unease among cryptocurrency investors. Back in 2019, researchers at Google had estimated that a quantum computer would need to be powered by 20 million qubits in order to crack the encryption standards that make WhatsApp chats secure and protect Bitcoin transactions. However, in a new paper published on May 21, the same researchers have found that the 2048-bit Rivest–Shamir–Adleman (RSA) encryption standard could theoretically be cracked by a quantum computer with one million qubits running for one week. 'This is a 20-fold decrease in the number of qubits from our previous estimate, published in 2019,' Google researchers Craig Gidney and Sophie Schmieg wrote in a blog post on May 23. Understanding the theoretical size and performance of future quantum computers capable of breaking encryption standards could help guide the transition towards post-quantum cryptography or PQC. However, the researchers have also noted that existing quantum computers with relevant error rates are currently powered by 100 to 1,000 qubits. This suggests that building a quantum computer with one million qubits will require overcoming technical challenges and is still some years away. The codes used to encrypt data and secure messages rely on 'trapdoor' mathematical functions that work easily in one direction but are much harder to do in reverse. Hence, these functions make it easier to encrypt data, but decoding them is extremely difficult without a special key. It is practically impossible for a classical computer to factor numbers that are longer than 2048 bits. However, quantum computers can perform code-breaking calculations at a much faster rate than classical computers. 
In 1994, American mathematician Peter Shor came up with an algorithm which showed that a quantum computer scaled up to a certain capability can solve trapdoor functions with ease, and hence crack any system with RSA encryption. Since then, the number of qubits needed to run such a quantum computer has steadily declined, according to Google. In 2012, it was estimated that a 2048-bit RSA key could be broken by a quantum computer with a billion physical qubits. Seven years later, Google lowered that figure to 20 million physical qubits. Qubits are the building blocks of quantum computers. They serve as the basic unit of information with encoded data. Google has attributed the revision of qubit estimates to better algorithms and error correction techniques. Since physical qubits exist in multiple states, they lead to multiple outcomes. Getting the desirable outcome is a challenge as disturbances caused in any qubit can result in errors in calculations. Detecting and correcting these errors require algorithms which require extra qubits (logical qubits). Asymmetric algorithms such as RSA are used for encrypting data in transit. They form the basis of messaging services like WhatsApp. The Elliptic Curve Diffie-Hellman algorithm, which is also based on asymmetric cryptography, is used to secure Bitcoin transactions with public and private keys. Google said asymmetric encryption standards need to be urgently replaced with post-quantum encryption standards 'due to the fact that an adversary can collect ciphertexts, and later decrypt them once a quantum computer is available, known as a 'store now, decrypt later' attack.' Without specifically naming bitcoin or any other cryptocurrencies, Google said that signature keys need to be equipped with post-quantum cryptographic standards as they are 'harder to replace and much more attractive targets to attack, especially when compute time on a quantum computer is a limited resource.' 
Last year, a study by University of Kent's School of Computing found that Bitcoin would have to go offline for 300 days in order to be updated with a PQC protocol that would make the cryptocurrency immune to quantum computing-based attacks. Google said it has been working with the US National Institute of Standards and Technology (NIST) and others in government, industry, and academia to develop and transition to PQC. 'NIST recently concluded a PQC competition that resulted in the first set of PQC standards. These algorithms can already be deployed to defend against quantum computers well before a working cryptographically relevant quantum computer is built,' it said.
